In the Managed Firewall / UTM log analysis function, what does each item displayed in the Raw log field mean?
The main items in the Raw log and their meanings are as follows.
１．The meaning of each item displayed in the field of Raw log.
| Item | Meaning |
|---|---|
| type = | Type of log. Traffic logs show [type = traffic]; security logs show [type = utm]. |
| subtype = | Sub-type of the log. Traffic logs show [subtype = forward]; for security logs, the UTM function that made the detection is shown, e.g. [subtype = ips]. |
| srcip = | Source IP address. |
| srcintf = | Interface on which the Managed Firewall / UTM received the communication (ingress interface). |
| dstip = | Destination IP address. |
| dstintf = | Interface from which the Managed Firewall / UTM sent the communication (egress interface). |
| proto = | Protocol number from the IP header: ICMP [proto = 1], TCP [proto = 6], UDP [proto = 17]. |
| action = | Result of processing the communication on the Managed Firewall / UTM. For permitted communication, UDP / ICMP show [action = accept] and TCP shows [action = close]. A TCP session is logged when it ends, so [action = close] means the session was permitted and has finished; it does not mean the communication was blocked. |
| policyid = | Policy ID of the Firewall Policy that the communication matched on the Managed Firewall / UTM. |
| trandisp = | Displayed when Source NAT or Destination NAT is applied: [trandisp = snat] for Source NAT, [trandisp = dnat] for Destination NAT. |
| tranip = | Translated IP address when Destination NAT is applied. |
| tranport = | Port number translated by Port Forward when Destination NAT is applied. If Port Forward is not configured, [tranport =] shows the original (unchanged) destination port. |
| duration = | Time in seconds from the start of the communication to its end. |
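The following is an added example, not code from the Managed Firewall / UTM product or its documentation. It parses raw log lines in the space-separated key=value form described above and interprets the fields using the meanings in the table, in particular treating [action = close] on TCP as a permitted session that has ended rather than a block, and reading the NAT fields together. The three sample log lines are constructed for this example (RFC 5737 documentation addresses, placeholder interface names and policy IDs); the function names are the example's own.

```python
"""
Parser and interpreter for Managed Firewall / UTM raw log lines.

Raw log lines are space-separated key=value pairs; values that contain
spaces are double-quoted. Sample lines, interface names and policy IDs
below are constructed for this example, not taken from a real device.
"""
import shlex

# Protocol numbers from the IP header, as listed in the table
PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}

# Constructed sample raw log lines (assumed format, not real device output)
SAMPLE_LOGS = [
    # Permitted TCP session through Destination NAT with Port Forward;
    # TCP is logged when the session ends, hence action=close
    'type=traffic subtype=forward srcip=192.0.2.10 srcintf="port1" '
    'dstip=203.0.113.5 dstintf="port2" proto=6 action=close policyid=12 '
    'trandisp=dnat tranip=10.0.0.5 tranport=8080 duration=35',
    # Permitted UDP datagram through Source NAT; logged as accept
    'type=traffic subtype=forward srcip=10.0.0.20 srcintf="port2" '
    'dstip=198.51.100.53 dstintf="port1" proto=17 action=accept policyid=3 '
    'trandisp=snat tranip=203.0.113.1 tranport=40123 duration=1',
    # Security (UTM) log produced by the IPS function
    'type=utm subtype=ips srcip=198.51.100.7 srcintf="port1" '
    'dstip=10.0.0.5 dstintf="port2" proto=6 policyid=12',
]


def parse_raw_log(line):
    """Split one raw log line into a dict of field name -> value.

    shlex.split honours double quotes, so srcintf="port 1" stays one token
    and the quotes are stripped. Tokens without '=' are ignored.
    """
    fields = {}
    for token in shlex.split(line):
        key, sep, value = token.partition("=")
        if sep:
            fields[key] = value
    return fields


def interpret(fields):
    """Explain a parsed log line using the field meanings from the table."""
    info = {}
    info["kind"] = "security" if fields.get("type") == "utm" else "traffic"
    info["subtype"] = fields.get("subtype")

    proto = fields.get("proto")
    info["protocol"] = (PROTO_NAMES.get(int(proto), f"proto {proto}")
                        if proto else None)

    # accept (UDP/ICMP) and close (TCP session ended) are both permitted
    # traffic; close is not a block.
    action = fields.get("action")
    info["permitted"] = action in ("accept", "close")
    info["tcp_session_closed"] = action == "close"

    # trandisp says which NAT was applied; tranip/tranport carry the
    # translated values
    trandisp = fields.get("trandisp")
    if trandisp in ("snat", "dnat"):
        info["nat"] = {
            "kind": "source" if trandisp == "snat" else "destination",
            "translated_ip": fields.get("tranip"),
            "translated_port": fields.get("tranport"),
        }
    else:
        info["nat"] = None

    info["duration_s"] = int(fields["duration"]) if "duration" in fields else None
    info["policyid"] = fields.get("policyid")
    info["path"] = f'{fields.get("srcintf")} -> {fields.get("dstintf")}'
    return info


def summarize(line):
    """One-line human-readable summary of a raw log line."""
    f = parse_raw_log(line)
    i = interpret(f)
    if i["permitted"]:
        verdict = "permitted"
        if i["tcp_session_closed"]:
            verdict += " (TCP session ended)"
    elif f.get("action") is None:
        verdict = "no action field"
    else:
        verdict = f'action={f["action"]}'
    nat = ""
    if i["nat"]:
        nat = (f' {i["nat"]["kind"]} NAT -> '
               f'{i["nat"]["translated_ip"]}:{i["nat"]["translated_port"]}')
    return (f'[{i["kind"]}/{i["subtype"]}] {f.get("srcip")} -> {f.get("dstip")} '
            f'{i["protocol"]} via {i["path"]} policy {i["policyid"]}: {verdict}{nat}')


if __name__ == "__main__":
    for sample in SAMPLE_LOGS:
        print(summarize(sample))
```

Run the file directly to print one summary per sample line. When checking a suspected block, look at the action value and the log type together: a traffic log with [action = close] is a TCP session that was allowed by the listed policyid and has ended, so a real block has to be found elsewhere, not inferred from "close".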